From: Jeffrey Laramie <JALaramie@Loudoun-Fairfax.com>
To: Lista de netfilter <netfilter@lists.netfilter.org>
Subject: Re: port forwarding in a web server
Date: Mon, 24 Nov 2003 12:20:17 -0500
Message-ID: <3FC23DD1.8080901@Loudoun-Fairfax.com>
In-Reply-To: <1069690404.1083.15.camel@webmail.aeropostal.com.ve>

Juan Hernandez wrote:

>Hi there...
>
>   This may have been answered many times in this mailing list but I
>haven't found anything on the web about something that would make my
>server forward the way I want to, and what's ironic is that it seems
>simple. Here's my scenario: I have a static IP address routed (1.1.1.1)
>to one server using a 192.168.0.* address. It's a Cisco router and
>everything works fine. This server has 192.168.0.1 as its address and
>functions as a web server, everything works fine but, I have another
>server that works as our mail server that is using 192.168.0.2. I've
>been trying to redirect everything coming from port 25 to my mail server
>but it doesn't get any answer. These are the rules I've been using: 
>
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>modprobe iptable_nat
>
>#allow all outgoing traffic from the mail server 
>
>iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 192.168.0.1
>
>#dnat
>iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to
>192.168.0.1:25
>
>The gateway on the mailserver is 192.168.0.1 which is the webserver that
>it's forwarding everything... and I have tried so many things that
>sometimes the webserver stops working...
>  
>

I'm having trouble understanding questions this morning (maybe I need 
more coffee!). Is this your configuration?

router   <->   [firewall box]   <->   [webserver]   <->   [mailserver]

This won't work since the webserver doesn't know what to do with the 
packets you're sending it on port 25. You need to direct the packets to 
192.168.0.2 port 25. If the mailserver is on a different LAN then you 
should be using a different subnet for each LAN. You'll also have to 
configure the mailserver to forward packets.

Hope this helps

Jeff
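
The reply's point, that port 25 has to be directed to 192.168.0.2 rather than back at the forwarding host, as an added example that is not part of the thread or either poster's own rules. It assumes the web server at 192.168.0.1 does the forwarding on eth0 and is the mail server's default gateway, as the original post states; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and eth0 come from the post;
# function names are hypothetical. Nothing here calls iptables: the corrected
# rules are only printed, so the script is safe to run unprivileged.
SELF_IP=192.168.0.1     # host doing the forwarding (the web server)
MAIL_IP=192.168.0.2     # host that actually runs SMTP
WAN_IF=eth0             # interface the port-25 traffic arrives on

# Print the address a DNAT rule rewrites to (empty for non-DNAT rules,
# so the SNAT rule's "--to" is not mistaken for a DNAT target).
dnat_target() {
    printf '%s\n' "$1" | awk '/-j DNAT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to" || $i == "--to-destination") {
                split($(i + 1), a, ":"); print a[1]; exit
            }
    }'
}

# A DNAT whose target is the forwarding host itself forwards nothing:
# succeed only when the rule points at some other address.
dnat_forwards() {
    t=$(dnat_target "$1")
    [ -n "$t" ] && [ "$t" != "$SELF_IP" ]
}

# Print the corrected rules; review them, then pipe to sh as root to apply.
forward_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 25 -j DNAT --to-destination $MAIL_IP:25
iptables -A FORWARD -p tcp -d $MAIL_IP --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $MAIL_IP --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed input: the DNAT rule from the quoted post, joined onto one line.
POSTED='iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.1:25'

dnat_forwards "$POSTED" || echo "posted rule targets $SELF_IP itself, not the mail server" >&2
forward_rules
```

If the blanket SNAT rule from the quoted post stays in place, the mail server sees every SMTP client as 192.168.0.1, so relay and spam controls on it should not treat that address as trusted.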


